<?php
//$_GET['url']
//$_GET['action']={'freeze','unfreeze'
//					'request_ac','request_de'
//				}
//?
//$_GET['node_id']
//$_GET['request_id'];

function permission_check_super($user_id,$node_id) {
	$permit=permission_node($user_id,$node_id);
	if(!strstr($permit[0],'super'))
		redirect_error('You are not permitted to manage the node-' . $permit[1] . '.');
}

	include 'include/function.php';
	
	if(!isset($_GET['url']))redirect('./');
	if(!isset($_GET['action']))redirect($_GET['url']);
	$oa_action	=$_GET['action'];
	
	if($oa_action=='freeze'||$oa_action=='unfreeze') { //冻结节点
		//检测权限
		$oa_nodeid	=get_to_mysql($_GET['node_id']);
		permission_check_super($_user_id,$oa_nodeid);
		//操作
		if($oa_action=='freeze')$oa_action='yes'; else $oa_action='no';
		$query="update node set freezed='$oa_action' where id=$oa_nodeid ";
		$ret=oj_query($query);
	} else if($oa_action=='request_ac'||$oa_action=='request_de') { //权限申请的回复
		//检测权限
		$oa_reqid	=get_to_mysql($_GET['request_id']);
		$query="select node_id,user_id,level from request_permit where request_id=$oa_reqid ";
		$ret=oj_query($query);
		$row=mysql_fetch_assoc($ret);
		if(!isset($row['node_id']))redirect_error('Error: no such request.');
		permission_check_super($_user_id,$row['node_id']);
		//操作
		if($oa_action=='request_de'){
			$query="update request_permit set state='deny' where request_id=$oa_reqid ";
			$ret=oj_query($query);
		} else {
			permission_give($row['node_id'],$row['user_id'],$row['level']);
			$query="update request_permit set state='accept' where request_id=$oa_reqid ";
			$ret=oj_query($query);
		}
	}
	
	redirect($_GET['url']);
?>

